⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-11500Out-of-bounds Write in Dovecot

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation11 documents7 sources
Severity
9.8CRITICALNVD
EPSS
38.3%
top 2.76%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
DovecotDovecot PigeonholeDebian Dovecot+2 more
Timeline
PublishedAug 29
Latest updateMay 24

Description

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDdovecot/pigeonhole< 0.5.7.2
debiandebian/dovecot< dovecot 1:2.3.7.2-1 (bookworm)
NVDdovecot/dovecot2.3.02.3.7.2+1
Debiandovecot/dovecot< 1:2.3.7.2-1+3

Also affects: Debian Linux 8.0, Fedora 30

Patches

Patch: dovecot.orgPatch: dovecot.org

🔴Vulnerability Details

2
GHSA
GHSA-mqm8-r3v6-8mmv: In Dovecot before 22022-05-24
OSV
CVE-2019-11500: In Dovecot before 22019-08-29

📋Vendor Advisories

6
Ubuntu
Dovecot vulnerability2019-08-28
Red Hat
dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes2019-08-28
Ubuntu
Dovecot vulnerability2019-08-28
Ubuntu
Dovecot regression2019-08-28
Ubuntu
Dovecot regression2019-08-28

💬Community

2
Bugzilla
CVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes [fedora-all]2019-08-29
Bugzilla
CVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes2019-08-14